Question.26 NIST SP 800-53A DOES NOT provide which of the following assessment methods to the Security Control Assessor? (A) Examine (B) Interview (C) Documentation (D) Test
Correct Answer : (C) Documentation
Question.27 In accordance with FIPS 199, what word is used to describe potential “LOW” impact items? (A) Serious (B) Limited (C) Minor (D) Low
Correct Answer : (B) Limited
Question.28 The security assessment plan provides: (A) The detailed criteria that the Authorizing Official must use to select the Authorization decision. (B) The objectives for the security control assessment and a detailed roadmap of how to conduct such an assessment (C) The objectives that the Information System Owner has established to ensure that s/he has enough information to form a proper POA&M in accordance with OMB Memorandum 02-01 (D) The list of threats and vulnerabilities used in determining the correct level of risk and controls for the SSP
Correct Answer : (B) The objectives for the security control assessment and a detailed roadmap of how to conduct such an assessment
Question.29 The main purpose of System Authorization is: (A) Acceptance and management of risk (B) To maintain control of the Agency assets (C) Reduction of risk to as low a level as possible (D) Ensure the Authorizing Officials maintain operational control of systems
Correct Answer : (C) Reduction of risk to as low a level as possible
Question.30 Security control assessment is: (A) Formal acceptance of risk (B) Used to select additional controls for the system prior to authorization (C) Evaluation of technical and non-technical controls (D) Validation of test results
Correct Answer : (C) Evaluation of technical and non-technical controls